chore: set default storage class to csi-disk driver

feat(forgejo): updated secret ref for a bucket name
feat(forgejo): backup s3 directly to pvc
2025-08-08 15:24:04 +02:00 · 2025-08-01 10:18:38 +02:00 · 2025-07-31 15:59:25 +02:00 · 2025-07-31 15:24:39 +02:00 · 2025-07-30 14:35:42 +02:00
5 changed files with 96 additions and 2 deletions
--- a/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
+++ b/template/stacks/forgejo/forgejo-server/manifests/forgejo-s3-backup-cronjob.yaml
@ -0,0 +1,83 @@
 apiVersion: batch/v1
 kind: CronJob
 metadata:
  name: forgejo-s3-backup
  namespace: gitea
 spec:
  schedule: "0 1 * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: rclone
            image: rclone/rclone:1.70
            imagePullPolicy: IfNotPresent
            env:
            - name: SOURCE_BUCKET
              valueFrom:
                secretKeyRef:
                  name: forgejo-cloud-credentials
                  key: bucket-name
            - name: AWS_ACCESS_KEY_ID
              valueFrom:
                secretKeyRef:
                  name: forgejo-cloud-credentials
                  key: access-key
            - name: AWS_SECRET_ACCESS_KEY
              valueFrom:
                secretKeyRef:
                  name: forgejo-cloud-credentials
                  key: secret-key
            volumeMounts:
            - name: rclone-config
              mountPath: /config/rclone
              readOnly: true
            - name: backup-dir
              mountPath: /backup
              readOnly: false
            command:
            - /bin/sh
            - -c
            - |
              rclone sync source:/${SOURCE_BUCKET}/packages /backup -v --ignore-checksum
          restartPolicy: OnFailure
          volumes:
          - name: rclone-config
            secret:
              secretName: forgejo-s3-backup
          - name: backup-dir
            persistentVolumeClaim:
              claimName: s3-backup
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: s3-backup
  namespace: gitea
  annotations:
    everest.io/disk-volume-type: SATA
    everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}
 spec:
  storageClassName: csi-disk
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
 ---
 apiVersion: v1
 kind: Secret
 metadata:
  name: forgejo-s3-backup
  namespace: gitea
 type: Opaque
 stringData:
  rclone.conf: |
    [source]
    type = s3
    provider = HuaweiOBS
    env_auth = true
    endpoint = obs.eu-de.otc.t-systems.com
    region = eu-de
    acl = private
--- a/template/stacks/forgejo/forgejo-server/values.yaml
+++ b/template/stacks/forgejo/forgejo-server/values.yaml
@ -1,3 +1,4 @@
 # This is only used for deploying older versions of infra-catalogue where the bucket name is not an output of the terragrunt modules
 {{{- define "BUCKET_NAME" -}}}
 {{{- if (getenv "FORGEJO_BUCKET_NAME") -}}}
 {{{ getenv "FORGEJO_BUCKET_NAME" }}}
@ -27,8 +28,10 @@ postgresql-ha:
 persistence:
  enabled: true
  size: 200Gi
  storageClass: csi-disk
  annotations:
    everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}
    everest.io/disk-volume-type: SATA
 test:
  enabled: false
--- a/template/stacks/observability/grafana-operator/manifests/grafana.yaml
+++ b/template/stacks/observability/grafana-operator/manifests/grafana.yaml
@ -6,7 +6,11 @@ metadata:
    dashboards: "grafana"
 spec:
  persistentVolumeClaim:
    metadata:
      annotations:
        everest.io/disk-volume-type: SATA
    spec:
      storageClassName: csi-disk
      accessModes:
        - ReadWriteOnce
      resources:
--- a/template/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml
+++ b/template/stacks/observability/victoria-k8s-stack/manifests/vlogs.yaml
@ -9,7 +9,9 @@ spec:
  storageMetadata:
    annotations:
      everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}
      everest.io/disk-volume-type: SATA
  storage:
    storageClassName: csi-disk
    accessModes:
      - ReadWriteOnce
    resources:
@ -21,4 +23,4 @@ spec:
      cpu: 500m
    limits:
      memory: 10Gi
-      cpu: 2
+      cpu: 2
--- a/template/stacks/observability/victoria-k8s-stack/values.yaml
+++ b/template/stacks/observability/victoria-k8s-stack/values.yaml
@ -289,7 +289,9 @@ vmsingle:
    storageMetadata:
      annotations:
        everest.io/crypt-key-id: {{{ .Env.PVC_KMS_KEY_ID }}}
        everest.io/disk-volume-type: SATA
    storage:
      storageClassName: csi-disk
      accessModes:
        - ReadWriteOnce
      resources:
@ -880,7 +882,7 @@ grafana:
  enabled: false
  # all values for grafana helm chart can be specified here
  persistence:
-    enabled: true
+    enabled: false
    type: pvc
    storageClassName: "default"
  grafana.ini:
Author	SHA1	Message	Date
Fritz-Leo.Ochsmann	ddc7ed4905	chore: set default storage class to csi-disk driver	2025-08-08 15:24:04 +02:00
evdo	ccd9d08ec2	feat(forgejo): updated secret ref for a bucket name	2025-08-01 10:18:38 +02:00
Fritz-Leo.Ochsmann	414054b466	feat(forgejo): backup s3 directly to pvc	2025-07-31 15:59:25 +02:00
Richard Robert Reitz	a87633f2e5	fix(s3backup): doing a local backup first and then push it to remote, which is still on the same OBS store	2025-07-31 15:24:39 +02:00
Daniel Sy	64d4bf9c0b	feat(manifest): 🎉 WIP Add CronJob and Secret for S3 backups Adds a new CronJob for scheduled S3 backups using rclone, along with a corresponding Secret for AWS credentials. This introduces automated backup functionality for the Forgejo server, enhancing data protection and recovery capabilities.	2025-07-30 14:35:42 +02:00